Take Courses
Get Certified
Attend Events
Explore Resources
About

Library

Professional Practice Image

Library

A selection of materials from DRI International is available here as an added benefit for DRI members. We hope you enjoy this informative collection of industry information and research.

Loading Filters

Acceptable Risk? Or Acceptable Risk!

Event: Annual Conference - DRI2024

Author: Harvey Nusz

Acceptable Risk – a term that should be at the foundation of your corporate risk program. When it comes to organizational risk management it should be foundational that a clear and singular definition of acceptable risk has been established that can be used to evaluate risk to the business. Too many companies operate with multiple definitions and blind spots in the identification of critical risks. Each enterprise must seek to have a unified definition that can be used to compare risk and facilitate the prioritization of risks and mitigation. There are three common challenges we will explore: First, the absence of a single encompassing definition of acceptable risk. Second, the tendency to focus on physical assets over other risk assets. Risk can present itself in many forms to include supply chain, processes, service providers, software, and even specific individuals or roles. Third is the energy that is spent collecting an inventory of critical assets that are not linked to risk mitigation actions. We will take a deeper dive into these three common challenges. Some tools we will look at include: • Governance principles • Understanding your critical assets • Risk management principles and strategies • Importance of a risk register supported by the business, without silos – updated regularly, communicated and reviewed • Data protection impact assessment • Postmortem reviews and lessons learned – when is a lesson really learned? This session will discuss how addressing these challenges and implementing these tools and principles will enable organizations to enhance their ability to better identify and achieve Acceptable Risk for their critical assets, and foster a culture of governance, compliance, awareness and management. The presenter will work with DRI to identify a company wanting to discuss a current issue in acceptable risk and utilize a portion of this interactive session as a workshop to identify potential risk mitigations.

Tags: Risk Assessment, Risk Management

People First: Examining the Rise of Human Capital Risk and Implications for Business Continuity Programs

Event: Annual Conference - DRI2024

Author: Andrea Abrams, Steven Lei

Have you ever experienced higher volumes of unexpected leaves of absence that negatively impacted operations? How is human capital integrated into your business continuity program? Going beyond tracking employee residential zip codes, are you integrating this essential part of your enterprise in more than a perfunctory way? Whether your entity’s dependencies involve union labor or a recruitment pool whose tastes are changing, to stay on the leading edge of resilience you must incorporate planning for human capital risk into your business continuity plan. In this interactive workshop we’ll talk through strategies to get started and encourage attendees to share from their experience.

Tags: Risk Assessment, Risk Management

Merging Cyber Resilience and Cybersecurity to Improve Response and Recovery

Event: DRI Collegiate Conference - NYU - Oct. 6, 2023

Author: Rouz Hashemi, CCRP,

A proper cyber resilience approach has always required business and technology stakeholders to interact, decide, and set appropriate risk tolerance. But with the National Institute of Standards and Technology (NIST) adding the term “govern” to its framework, what is the opportunity for change and improvement? In this session, we will discuss how merging cyber resilience and cybersecurity under the NIST framework will enable organizations to be better prepared for and better able to respond to and recover from cyberattacks in a more tangible manner.

Tags: Cyber Resilience, Risk Assessment

Riskonnect Webinar - Threat Intelligence: What Is It and How Can It Benefit Business Continuity?

Event: DRI Webinar

Author: Riskonnect

Natural disasters, civil unrest, transportation disruption and crime are just a few of the threats that can affect your operations in an instant. How do you actively monitor everything? The answer is threat intelligence. Threat intelligence is increasingly becoming an important early-warning part of broader business continuity programs. This webinar explains the value of threat intelligence, how it connects to broader continuity and resilience program outcomes, and how you can incorporate it into your program. You'll discover how to get ahead of risk and learn from the threats that are actively affecting your operations, locations, and people. NOTE: This is a sponsored webinar with content produced by Riskonnect. The information contained in this presentation represents the views and opinions of Riskonnect and does not necessarily represent the views or opinions of DRI International.

Tags: Risk Assessment

Business Continuity and the Insurance Industry

Event: DRI Collegiate Conference - University of Texas at Dallas - Mar. 28, 2023

Author: Michelle Cross

Talk about risky business! One of the most fascinating and mind-bending aspects of business continuity is its relationship with insurance and risk. Michelle Cross, Vice President, Fidelity Institutional Business Continuity will discuss how these disciplines should co-exist for maximum resilience.

Tags: Risk Assessment, Business Continuity Program

Cascading Risks

Event: DRI Resilience Excellence Summit 2022

Author: Dr. Gianluca Pescaroli

DRI welcomes Dr. Gianluca Pescaroli for an in-depth tour of his research on building and improving the continuity of operations during disruptive events, minimizing their impacts, and increasing resilience of the public and private sectors. This includes managing complex challenges such as cascading risks, critical infrastructure failures, systemic and compound dynamics. His work is impact -oriented, aiming to bridge academia and practice. In 2016, he co-founded the Research Group on Cascading Disasters at UCL. Since then, he contributed to strategic documents such as the UN Office for Disaster Risk Reduction’s Guidelines on National Risk Assessment, and edited reports such as the Guidelines on Cascading Effects of Wide-Area Power Failures in collaboration with London Resilience.

Tags: Disaster Scenarios, Emergency preparedness, Emergency response, Europe, Risk Assessment, Risk Management, Ukraine, UNISDR

Assessing your Vendors: Taking Resiliency to the Next Level

Event: Annual Conference - DRI2022

Author: Alison Tarnopol, Michelle Cross

Understanding third party vendor risk is essential for organizational resiliency. This session will address best practices for assessing vendor risk and resiliency. We will review how to evaluate residual risks and potential impacts to incorporate vendor risk into a comprehensive resiliency program. We will also review using data analytics to better quantify and rate residual risk.

Tags: Best Practices, Resiliency, Resilient Enterprise, Risk Assessment, Vendor Assessment

Login to access Certified Professionals Only
Enterprise Resilience at Netflix

Event: Annual Conference - DRI2022

Author: Gayle Anders, TJ Mead

Taking Netflix’s unique culture into account, we have developed a strategic vision for the Enterprise Resilience (ER) program to identify where our critical assets are, how resilient they currently are, and how to increase their resilience when and if needed. This process includes: • Educating leadership and risk owners of their resilience risk posture • Developing a critical interdependency map to identify areas of unseen risk • Providing guidance and mitigation expertise to risk owners who require it The framework is built on the development of standardized, intuitive, and quantifiable business continuity, technology continuity, and corporate resilience measurements enabling teams to be aware of their resilience posture and to make the best possible resilience decisions.

Tags: Resilient Enterprise, Risk Assessment, Risk Management

Login to access Certified Professionals Only
Supply Chain Risk Management & an Integrated Risk Approach

Event: Annual Conference - DRI2020

Author: Roger A. Stearns

No matter if your company is small, medium or a global company we all have risks and we all have business continuity management programs. Our approach to supply chain risk will work for your organization as well. We have partnered with our internal business partners to create a fully integrated risk platform for supply chain risk management. During this session, we will cover supply chain and interdependent organizations, how risk is interpreted and the use of risk assessments, the crisis management continuum and mapping critical resources both internal and external. We will also discuss the use of environmental monitoring and your business continuity management system (BCMS). The 2019 and 2020 supply chain disruption predictions have been understated in my opinion. This approach to integrated risk management is our way to resilience and a more resilient organization.

Tags: Risk Assessment, Supply Chain

Login to access Certified Professionals Only
Follow the Money: How Yale University is Using Financial Information, Specifically Grant Funding, in our Business Continuity Program

Event: Annual Conference - DRI2020

Author: Stephen Woods

With over 400 buildings on 415 acres, including 4.4 million square feet of research space, Yale University was challenged with conducting a university-wide risk assessment and BIA. This session will explore how Yale incorporates financial information, specifically grant funding, into their risk assessment and BIA process to help identify and prioritize facilities and departments.

Tags: BIA, Risk Assessment

Login to access Certified Professionals Only
Handling Disaster After Effects and Their Collateral Consequences

Event: Annual Conference - DRI2020

Author: Jeanne D. Powell

Nothing in life happens in a vacuum and disasters are at the top of that list. Like a pebble dropped in a pond creates ripple effects, disasters always spawn multiple and various types of after effects in all possible directions, dimensions, timings, and each with their own consequences. Known risks usually have mitigation options. After Effects are not known until they happen. BCPs usually guide handling a singular disaster incident. However, BCPs rarely identify and document steps to resolve the spreading, pervasive, collateral, and consequential ramifications of after effects. Come join us and learn methods to identify and tackle different aspects and considerations of after effects and how to reduce their consequences. This session includes such things as definitions, a repeatable process methodology, characteristics for consideration, a practical walkthrough, and much more. Ripple effects tend to be two dimensional and far less consequential. What really happens are after effects. I thought of this topic because a disaster causes a multidimensional scattering of consequential after effects; each of which occurs at different times, has multifaceted characteristics and effects, with unique timelines and life cycles (my definition).

Tags: Risk Assessment

Login to access Certified Professionals Only
How Emerging Technologies Will Change the Practice of Business Continuity Over the Next Five Years

Event: Annual Conference - DRI2020

Author: Michele Corvino

The headlines are full of new technologies that are presented as threats to companies’ resilience. Have you ever stopped to consider how new technologies will impact the practice of business continuity beyond simply what types of events to consider in planning? In this presentation, we will look at how business continuity professionals will analyze risk and mitigate potential threats by leveraging new technologies in the next five years.

Tags: Risk Assessment, Technology

Login to access Certified Professionals Only
The Great Debate

Event: Annual Conference - DRI2020

Author: Lyndon Bird, Boris Issavi

What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? In this highly-interactive session, participants will have the opportunity to vote on a number of the key issues which have emerged from the DRI Future Vision Committee regular reports (Trends, Predictions and Careers). The presenter will respond to voting as it happens, providing instant feedback and opinion. Please come to this session ready to participate, debate, and even argue if you wish. Challenging and controversial opinions are welcome. Your input and the conclusions we reach as a group will be included in future FVC reports and will influence DRI thought leadership perspectives.

Tags: Risk Assessment, Trends and Predictions

Login to access Certified Professionals Only
Preparing for Mega-Events: Lessons From the 2012 London Olympics

Event: DRI Webinar

Author: Steve Yates, Andy Tomkinson

Take a look at how a major public event - in this case, the 2012 London Olympics prepares for and plans against mega-sized risks. This presentation will take you through the steps that were used during the preparation, planning and execution of the London Olympics and Paralympics Games, for which such “Mega Events” are classified as the “Greatest Show on Earth.”

Tags: Europe, Risk Assessment, Risk Management

Login to access Certified Professionals Only
Risk Assessment? Here's How!

Event: Annual Conference - DRI2018

Author: Dan See

Have you done a Risk Assessment lately, ever? Do you have a risk methodology to work with? Do you know the critical assets that really allow your organization to meet its business goals? What keeps you and your leadership up at night? This risk assessment workshop will put your conference time to good use and go beyond talking about risk assessments – you’ll actually do a risk assessment. Using a combination of lecture and practical exercise you will be able to go back to your organization and put your new risk assessment skills to use/ The workshop will cover risk methodology (analyzing, reporting, managing); undesirable events; performing the analysis (impact, threat, vulnerability) risk identification; risk mitigation; and risk reporting.

Tags: Risk Assessment, Risk Management

Login to access Certified Professionals Only
Using Key Performance and Risk Indicators to Make the BCM Business Case

Event: Annual Conference - DRI2018

Author: Roberta Witty

Educating business managers on the business value of business continuity management (BCM) is a challenge for many organizations. Often, this challenge arises because business managers don’t understand or appreciate the value of availability risk information or their relationship to it. This lack of understanding of how availability risk links to business performance is a leading cause of BCM programs having a great, exciting start, but ending in their long-term demise. In this session, we will discuss the following key issues: What do boards and line-of-business executives want from continuity of operations programs? How do the risk-based disciplines impact corporate performance? How can you use KPIs and KRIs to present a defensible case for the value and effectiveness of BCM to an executive audience?

Tags: Risk Assessment, Risk Management

Login to access Certified Professionals Only
Healthcare Track: Continuity of Healthcare for Major Chemical Mass Casualty Incidents

Event: Annual Conference - DRI2018

Author: Mike Mastrangelo

The University of Texas Medical Branch at Galveston was recently invited to meet with the Department of Homeland Security, Office of Health Affairs to present on UTMB’s 3-year effort to develop a national model for response to major chemical incidents such as releases of toxic industrial chemicals like Hydrofluoric Acid (HF). Unlike other chemical releases, HF produces a heavier-than-air persistent vapor cloud that is toxic to people, animals, and plant life. Specific medical countermeasures are needed to treat HF injuries, yet these are in short supply. Department of Homeland Security also recently completed a three-year effort to develop a new framework and strategic approach to chemical incident preparedness (for terrorist incidents and accidents). Although the efforts were independent, there were many commonalities, including the use of advanced computational modeling by Lawrence Livermore National Laboratory to simulate chemical release scenarios. Another significant similar approach was to enhance the risk assessment process to incorporate information about the jurisdiction’s response capability. A new toolset was developed called a Response Risk Assessment (RRA). In its pilot program, DHS completed the RRA at five cities across the United States (including Houston as part of the Super Bowl preparedness effort). At the conclusion of the meeting, the Office of Health Affairs and UTMB agreed to pilot test the RRA Toolset in Galveston County Texas with the assistance of UTMB. The ultimate goal is to roll out the toolset to all U.S. jurisdictions for self-assessments. The presentation will use HF as a case study on use of an enhanced risk assessment process to build healthcare continuity. Another aspect of preparedness examined is the use of a combination of an all-chemical hazards approach – with – a specific planning approach for Priority Risk chemicals in a given region. UTMB now sponsors an annual HF incident symposium that includes national and international experts in various aspects of the response. Honeywell, the world’s largest producers of HF, participates in UTMB’s annual HF Exercise and Symposium. The project won a University of Texas National Security Excellence grant and was the basis for a recent award of a Combined Coordinated Terrorist Attack (CCTA) preparedness grant from Department of Homeland Security/FEMA.

Tags: Healthcare, Risk Assessment

Login to access Certified Professionals Only
World Economic Forum 2017 Risk Report Overview

Event: Annual Conference - DRI2017

Author: Mary Gardner

This session will provide an overview of the 2017 World Economic Forum (WEF) Risk Report. 2017 marks the twelfth year that the WEF surveys over 800 global leaders to determine their top ten risks. In recent years, societal, geopolitical and environmental threats have come to supplant economic risks as issues of greatest global concern. As our world continues to be more interconnected, a holistic risk management approach needs to consider the interdependencies between risks. The 2016 WEF Risk Report called for actions to build resilience. This session will identify practical examples of how this could be done.

Tags: Resiliency, Global Strategy, Risk Assessment, Risk Management

Login to access Certified Professionals Only
Quantifying Risk Continuity of Healthcare

Event: DRI Collegiate Conference - University of St. Thomas - April 23 2016

Author: Mike Mastrangelo

Given the high level of risk at the UTMB Campus, we work to eliminate the subjectivity of the risk assessment process as much as possible and to quantify that risk where possible. The risk assessment process is the foundation of UTMB's Preparedness Program and it affords officials the the best information to optimize preparedness and respond to incidents. An overview of the Preparedness Program will be provided - looking at specific examples of risk quantification including hurricanes and chemical incidents (Hydrofluoric Acid incidents in particular).

Tags: Healthcare, Higher Education, Risk Assessment

Login to access Certified Professionals Only